Building a complete Open-Source SIEM/SOC stack 🛡️. The stack integrates powerful tools for threat detection, incident response, threat intelligence, and visualization — providing a comprehensive environment for cybersecurity monitoring and analysis.

ArfanAbid/Open-Source-SIEM_SOC-Stack


Open-Source SIEM/SOC Stack 🛡️

This project aims to build a complete open-source SIEM/SOC (Security Information and Event Management / Security Operations Center) stack using Docker. The stack integrates powerful tools for threat detection, incident response, threat intelligence, and visualization — providing a comprehensive environment for cybersecurity monitoring and analysis.

Tools Used

  • Wazuh – Security monitoring, intrusion detection, and compliance.
  • Graylog – Log management and analysis.
  • Grafana – Data visualization and dashboards.
  • Shuffle – Security automation and orchestration (SOAR).
  • MISP – Threat intelligence platform.
  • TheHive – Security incident response platform.
  • Cortex – Analyzer engine for automated observable enrichment.
  • DFIR-IRIS – Digital Forensics and Incident Response platform.
  • VirusTotal – Malware and URL scanner (via API integration).
  • ...and many other integrations, such as Sysmon, Packetbeat, and Auditd.

All components are containerized using Docker for easy deployment and scalability.

My Blogs & Documentation

🔹 Deploying Wazuh with Docker (Single/Multi-Node)

https://medium.com/@ArfanAbid/deploying-wazuh-with-docker-single-multi-node-0c7547c1c47a

🔹 Configuring Wazuh Agents, Groups, and Vulnerability Detection

https://medium.com/@ArfanAbid/configuring-wazuh-agents-groups-and-vulnerability-detection-7db429836d8b

🔹 Sysmon Config and Sending Logs to Wazuh: Enhancing Endpoint Visibility

https://medium.com/@ArfanAbid/sysmon-config-and-sending-logs-to-wazuh-enhancing-endpoint-visibility-ee2ef3ad5e96

🔹 Wazuh–Graylog Architecture: Normalizing & Enriching Security Logs 🛡️

https://medium.com/@ArfanAbid/wazuh-graylog-architecture-normalizing-enriching-security-logs-%EF%B8%8F-fe2348e916e8

🔹 Configuring Wazuh to Send Logs to Graylog for Normalization (Setting up Filebeat)

https://medium.com/@ArfanAbid/configuring-wazuh-to-send-logs-to-graylog-for-normalization-setting-up-filebeat-563db817a030

🔹 Parsing, Normalizing & Streamlining Wazuh Logs in Graylog

https://medium.com/@ArfanAbid/parsing-normalizing-streamlining-wazuh-logs-in-graylog-a722b7e5d76f

🔹 Setting Up Grafana to Visualize Wazuh (SIEM) Alerts and OPNsense (Firewall) Logs

https://medium.com/@ArfanAbid/setting-up-grafana-to-visualize-wazuh-siem-alerts-and-opnsense-firewall-logs-752cce12d2ef

Arfan Abid
